Create Web Key

POST /v2beta/web_keys

Generate a private and public key pair. The private key can be used to sign OIDC tokens after activation. The public key can be used to validate OIDC tokens. The newly created key will have the state STATE_INITIAL and is published to the public key endpoint. Note that the JWKs OIDC endpoint returns a cacheable response.

If no key type is provided, an RSA key pair with 2048 bits and SHA256 hashing will be created.

Required permission:

  • iam.web_key.write

Required feature flag:

  • web_key

Request

Body

required

    rsa object

    Create an RSA key pair and specify the bit size and hashing algorithm. If no bits and hasher are provided, an RSA key pair with 2048 bits and SHA256 hashing will be created.

    bits string

      • RSA_BITS_2048: 2048 bit RSA key
      • RSA_BITS_3072: 3072 bit RSA key
      • RSA_BITS_4096: 4096 bit RSA key

    Possible values: [RSA_BITS_UNSPECIFIED, RSA_BITS_2048, RSA_BITS_3072, RSA_BITS_4096]

    Default value: RSA_BITS_2048

    Bit size of the RSA key. Default is 2048 bits.

    hasher string

      • RSA_HASHER_SHA256: SHA256 hashing algorithm resulting in the RS256 algorithm header
      • RSA_HASHER_SHA384: SHA384 hashing algorithm resulting in the RS384 algorithm header
      • RSA_HASHER_SHA512: SHA512 hashing algorithm resulting in the RS512 algorithm header

    Possible values: [RSA_HASHER_UNSPECIFIED, RSA_HASHER_SHA256, RSA_HASHER_SHA384, RSA_HASHER_SHA512]

    Default value: RSA_HASHER_SHA256

    Signing algorithm used. Default is SHA256.

    ecdsa object

    Create an ECDSA key pair and specify the curve. If no curve is provided, an ECDSA key pair with P-256 curve will be created.

    curve string

      • ECDSA_CURVE_P256: NIST P-256 curve resulting in the ES256 algorithm header
      • ECDSA_CURVE_P384: NIST P-384 curve resulting in the ES384 algorithm header
      • ECDSA_CURVE_P512: NIST P-512 curve resulting in the ES512 algorithm header

    Possible values: [ECDSA_CURVE_UNSPECIFIED, ECDSA_CURVE_P256, ECDSA_CURVE_P384, ECDSA_CURVE_P512]

    Default value: ECDSA_CURVE_P256

    Curve of the ECDSA key. Default is P-256.

    ed25519 object

    Create an ED25519 key pair.
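The request body described above, as an added Python example (not code from the API's own documentation): it validates the enum values, builds the POST request without sending it, and returns the `alg` header that tokens signed with the new key will carry, so relying parties can update their allowed-algorithm list before the key is activated. Assumptions: exactly one key type object is sent per request, authentication uses a bearer token, and ED25519 keys yield the `EdDSA` header (the RFC 8037 name, not stated on this page); `web_key_body` and `web_key_request` are hypothetical helper names.

```python
import json
import urllib.request

# Enum values copied from the request schema above; dict values are the
# resulting JWT "alg" headers as listed in the field descriptions.
RSA_BITS = {"RSA_BITS_2048", "RSA_BITS_3072", "RSA_BITS_4096"}
RSA_HASHERS = {"RSA_HASHER_SHA256": "RS256", "RSA_HASHER_SHA384": "RS384",
               "RSA_HASHER_SHA512": "RS512"}
ECDSA_CURVES = {"ECDSA_CURVE_P256": "ES256", "ECDSA_CURVE_P384": "ES384",
                "ECDSA_CURVE_P512": "ES512"}


def web_key_body(key_type="rsa", **options):
    """Return (body, alg) for one key type, applying the documented defaults."""
    if key_type == "rsa":
        bits = options.pop("bits", "RSA_BITS_2048")
        hasher = options.pop("hasher", "RSA_HASHER_SHA256")
        if bits not in RSA_BITS or hasher not in RSA_HASHERS:
            raise ValueError(f"unsupported RSA settings: {bits}, {hasher}")
        body, alg = {"rsa": {"bits": bits, "hasher": hasher}}, RSA_HASHERS[hasher]
    elif key_type == "ecdsa":
        curve = options.pop("curve", "ECDSA_CURVE_P256")
        if curve not in ECDSA_CURVES:
            raise ValueError(f"unsupported ECDSA curve: {curve}")
        body, alg = {"ecdsa": {"curve": curve}}, ECDSA_CURVES[curve]
    elif key_type == "ed25519":
        # Assumption: "EdDSA" is the RFC 8037 header name; the page does not state it.
        body, alg = {"ed25519": {}}, "EdDSA"
    else:
        raise ValueError(f"unknown key type: {key_type}")
    if options:  # reject misspelled or misplaced fields instead of dropping them
        raise ValueError(f"unexpected options for {key_type}: {sorted(options)}")
    return body, alg


def web_key_request(base_url, token, key_type="rsa", **options):
    """Build (but do not send) the POST /v2beta/web_keys request; return (request, alg)."""
    body, alg = web_key_body(key_type, **options)
    request = urllib.request.Request(
        base_url.rstrip("/") + "/v2beta/web_keys",
        data=json.dumps(body).encode(),
        method="POST",
        # Assumption: bearer-token auth for a caller holding iam.web_key.write.
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )
    return request, alg
```

Pass the returned request to `urllib.request.urlopen` to send it; the base URL and token are supplied by the caller.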

Responses

Web key created successfully.

Schema

    id string

    The unique identifier of the newly created key.

    creationDate date-time

    The timestamp of the key creation.